Health Privacy

Health Privacy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY. THIS NOTICE IS EFFECTIVE ON APRIL 14, 2003.

We have summarized our responsibilities and your rights on this first page. For a complete description of our privacy practices, please review this entire notice.

Our Responsibilities:

Our agency is required to:

  • Maintain the privacy of your health information.
  • Provide you with this notice of our legal duties and privacy practices with respect to information we collect and maintain about you.
  • Abide by the terms of this notice.

Your Rights:

As a person who receives services from our organization, you have several rights with regard to your health information, including the following:

  • The right to request that we not use or disclose your health information in certain ways.
  • The right to request to receive communications in an alternative manner or location.
  • The right to access and obtain a copy of your health information.
  • The right to request an amendment to your health information.
  • The right to an accounting of disclosures of your health information.

We reserve the right to change our privacy practices and to make the new provisions effective for all health information we maintain. Should our privacy practices change, we will post the changes on the bulletin board in our specific locations as well as on our web site. A copy of the revised notice will be available after the effective date of the changes upon request.

We will not use or disclose your health information without your authorization, except as described in this notice.

Understanding Your Health Record/Information

Each time you receive services from our agency a record of this service is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a:

  • Basis for planning your care and treatment.
  • Means of communication among the many health professionals who contribute to your care.
  • Legal document describing the care you received.
  • Means by which you or a third-party payer can verify that services billed were actually provided. 
  • A tool in educating health professionals.
  • A source of data for health care research
  • A source of information for public health officials who oversee the delivery of health care in the United States
  • A source of data for agency planning and marketing
  • A tool with which we can assess and continually work to improve the care we render and the outcomes we achieve

Understanding what is in your record and how your health information is used helps you to: ensure its accuracy, better understand who, may access your health information, when and form what purpose, and make more informed decisions when authorizing disclosure to others.

How We Will Use or Disclose Your Health Information

We use and disclose our client/resident’s health information for a variety of reasons. Under Federal law, we have the right to use and/or disclose your health information to provide treatment, to obtain payment for our services and to carry out our health care operations without your prior consent or authorization. However, we will ask for your prior written consent for most disclosures of your health information to third parties in order to comply with more stringent requirements under Ohio law. For uses and disclosures other than for treatment, payment and health care operations, both Federal and Ohio law, with exceptions described below, require us to have your written authorization. If we disclose your health information to an outside entity so that the entity may perform a function on our behalf, we will enter into an agreement with that entity to protect your information in the same manner that we must protect it. The following information describes and gives examples of how we may use and disclose your health information:

  1. Treatment: We will use or disclose your information for treatment purposes, including for the treatment activities of other health care providers. For example, information obtained by a nurse, physician, or other member of your healthcare team will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will document in your record his or her expectations of the members of your healthcare team. Members of your healthcare team will then record the actions they took and their observations. In that way, the physician will know how you are responding to treatment. We will also provide your physician or a subsequent healthcare provider with copies of various reports that should assist him or her in treating you once you’re discharged from our agency.
  2. Payment: We will use or disclose your health information for payment, including for the payment activities of other health care providers or payers. For example, a bill may be sent to you or a third-party payer, including Medicare and Medicaid. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.
  3. Health care operations: We will use or disclose your health information for our regular health operations. For example, members of the clinical staff, the quality improvement director or members of the quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide. In addition, we will disclose your health information for certain health care operations of other entities. However, we will only disclose your information under the following conditions: (a) the other entity must have, or have had in the past, a relationship with you; (b) the health information used or disclosed must relate to that other entity’s relationship with you; and (c) the disclosure must only be for one of the following purposes: (i) quality assessment and improvement activities; (ii) population-based activities relating to improving health or reducing health care costs; (iii) case management and care coordination; (iv) conducting training programs; (v) accreditation, licensing, or credentialing activities; or (vi) health care fraud and abuse detection or compliance.
  4. Business associates: There are some services provided in our organization through the use of outside people and entities. Examples of these “business associates” including our accountants, consultants and attorneys. We may disclose your health information to our business associates so that they can perform the job we’ve asked them to do. To protect your health information, however, we require the business associates to appropriately safeguard your information.
  5. Research: We may use your health information for research purposes when the research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
  6. Transfer of information at death: We may disclose health information to funeral directors, medical examiners, and coroners to carry out their duties consistent with applicable law.
  7. Organ procurement organizations: Consistent with applicable law, we may disclose health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
  8. Marketing: We may contact you regarding your treatment, to coordinate your care, or to direct or recommend alternative treatments, therapies, health care providers or settings. In addition, we may contact you to describe a health-related product or service that may be of interest to you, and the payment for such product or service.
  9. Fundraising: We may contact you as part of a fund-raising efforts.
  10. Food and Drug Administration (FDA): We may disclose to the FDA, or to a person or entity subject to the jurisdiction of the FDA, health information relative to adverse events with respect to food, supplements product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
  11. Workers compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
  12. Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
  13. Correctional institution: Should you be an inmate of a correctional institution, we may disclose to the institution or agents thereof health information necessary for your health and the health and safety of other individuals.
  14. Law enforcement/judicial and administrative proceedings: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena.
  15. Appointment reminders: We may use or disclose personal health information to remind you about appointments.
  16. Treatment alternatives: We may use or disclose personal health information to inform you about treatment alternatives that may be of interest to you.
  17. Health oversight activities: We may disclose your personal health information to a health oversight agency for oversight activities authorized by law. These may include, for example, adults, investigations, inspections, and licensure actions or other legal proceedings. These activities are necessary for government oversight of the health care system, government payment or regulatory programs, and compliance with civil rights laws.
  18. Reporting Victims of Abuse, Neglect, or Domestic Violence: If we believe that you have been a victim of abuse, neglect, or domestic violence, we will use and disclose your personal health information to notify a government authority if required or authorized by law.
  19. Reports: Federal law makes provision for your health information to be released to an appropriate health oversight agency, public health authority or attorney, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.

 
Your Health Information Rights

Although your health record is the physical property of the agency, the information in your health record belongs to you. You have the following rights:

  • You may request that we not use or disclose your health information for a particular reason related to treatment, payment, the agency’s general health care operations, and/or to a particular family member, other relative or close personal friend. We ask that such requests be made in writing on a form provided by our agency. Although we will consider your requests with regard to the use of your health information, please be aware that we are under no obligation to accept it or to abide by it. We will abide by your requests with regard to the disclosure of your clinical and personal records to anyone outside of this organization, except in an emergency, if you are being transferred to another health care institution, or the disclosure is required by law. If you are dissatisfied with the manner in which or the location where you are receiving communications from us that are related to your health information, you may request that we provide you wish such information by alternative means or at alternative locations. Such a request must be made in writing, and submitted to the appropriate clinician. We will attempt to accommodate all reasonable requests. For more information about this right, see 45 C.F.R. § 164.522(b).
  • Right of access to health information: You have the right to request, either orally or in writing, your medical billing records or other written information that may be used to make decisions about your care. We must allow you to inspect you records within 24 hours of your request. If you request copies of the records, we must provide you with copies within 2 days of that request. We may charge a reasonable fee for our costs in copying and mailing your requested information.
  • If you believe that any health information in your record is incorrect or if you believe that important information is missing, you may request that we correct the existing information or add the missing information. Such requests must be made in writing, and must provide a reason to support the amendment.
  • You may request that we provide you with a written accounting of all disclosures made by us during the time period for which you request (not to exceed 6 years). We ask that such requests be made in writing on a form provided our agency. Please note that an accounting will not apply to any of the following types of disclosures:
  1. For treatment, payment or health care operations;
  2. To you or your legal representative, or any other individual involved with your care;
  3. Incident to a use or disclosure permitted or required by the Federal Privacy Rule;
  4. Based on your authorization to release information;
  5. For use in the facility directory;
  6. For national security or intelligence purposes;
  7. As a part of a limited data set for research, public health, or health care operations; and,  
  8. To a health oversight agency or law enforcement official for the period of time that the agency or official asked to have the information not disclosed.
  • You have the right to obtain a paper copy of our Notice of Privacy Practices upon request. You may also access and print a copy of our notice from our website: www.benrose.org.
  • You may revoke an authorization to use or disclose health information, except to the extent that action has already been taken. Such a request must be made in writing.

 
For More Information or to Report a Problem

If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your health information, you may file a compliant with the persons listed below. You also may file a written complaint with the Office for Civil Rights, U.S. Department of Health and Human Services at: 233 N. Michigan Ave., Suite 240, Chicago, Ill. 60601 or call: 1-877-696-6775.

We will take no retaliatory action against you if you make such complaints.

If you have questions about this notice or any complaints about our privacy practices:

  • Client Rights Officer at (216) 791-8000
  • The statewide Client Rights Advocate at (614) 466-2333

Web Privacy


Privacy Policy

POLICY: It is the policy of the Benjamin Rose Institute on Aging (BRIA) to comply with all applicable privacy and data protection laws. This Privacy Policy summarizes what personal information BRIA may collect, how BRIA may use this information, and other important topics relating to privacy and data protection. 

The Benjamin Rose Institute, also known as Benjamin Rose Institute on Aging, (the “Organization”) respects your right to privacy. This Privacy Policy summarizes what personal information we may collect, how we may use this information, and other important topics relating to your privacy and data protection. 

It is the Organization’s policy to comply with all applicable privacy and data protection laws. This commitment reflects the value we place on earning and keeping the trust of our clients, business partners, and others who share their personal information with us. 

This Policy applies to all Internet sites and mobile applications operated by or on behalf of the Organization and includes its affiliates and subsidiaries worldwide (each an “Organization Internet Site or App”), including www.benrose.org, www.esop-cleveland.org, and www.hoardingconnectioncc.org. It also applies to personal information we may otherwise collect: (i) through our products and services; (ii) when you interact with us by means other than an Organization Internet Site or App, for example, in person or by telephone; and (iii) from our clients, distributors, suppliers, vendors, and other business partners (collectively “Business Partners”). 

The Organization’s Collection, Use and Disclosure of Personal Information 

To the extent required by applicable law, whenever the Organization collects personal information, we will: 

  • provide timely and appropriate notice to you about our data practices; 
  • collect your personal information only for specified and legitimate purposes. The information we collect will be relevant, adequate and not excessive for the purposes for which it is collected; 
  • process your personal information in a manner consistent with the purposes for which it was originally collected or to which you have subsequently consented; 
  • take commercially reasonable steps to ensure that your personal information is reliable for its intended use, accurate, complete, and, where necessary, kept up-to-date; 
  • not use your personal information for direct marketing purposes without giving you an opportunity to “opt-out”; and 
  • take appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party or transferred to another country, including transfers within the Company. 

Personal Information the Organization Collects 

The Organization collects the following types of personal information: 

  • Information You Provide. The Organization collects personal information you provide us, which may include: (i) contact information, such as your name, company name, job title, address, e-mail address, and phone number; (ii) additional information about how you use our products or services; (iii) comments, questions, requests and orders you may make; (iv) financial information needed to process payments if you make purchases or donations, such as credit card or account information or tax identification number; and (v) information about your preferences, such as your preferred methods of communication and the types of services in which you are interested. 
  • Information Automatically Gathered from Your Device.
    Device and browser information. The Organization may collect technical information about your device, such as device type, browser type, IP address, operating system, and device identifier. The Organization collects this information automatically from your device and web browser through cookies and similar technologies.
    Information about how you interact with us. The Organization may collect technical data about your usage of Organization Internet Sites and Apps and how you interact with our digital advertisements and promotions, such as content viewed or downloaded, features used, links clicked, Organization promotional emails opened, and dates and times of interactions. The Organization collects this information using cookies and similar technologies.
    Location information. The Organization may collect location information, including precise real-time location information from your device and imprecise location information derived from, for example, your IP address or postal code. Organization Apps will NOT access precise-real time location information from your device unless you grant permission to do so.  
  • Cookies and Similar Technologies. A “cookie” is a file of information placed on your device when you visit a website. Cookies and similar technologies can enhance your user experience by saving your preferences, personalizing your online experience, and sometimes providing you with advertising which is tailored to your interests. Organization Internet Sites use “session cookies.” A session cookie does not identify you personally and expires after you close your browser. Organization Internet Sites also use “persistent cookies.” These cookies do not expire when you close your browser. Persistent cookies stay on your computer until you delete them or they expire. By assigning your computer a unique identifier, we are able to create a database of your previous choices and preferences which can be provided by us automatically, saving you time and effort on future visits. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. You may wish to visit www.aboutcookies.org which contains comprehensive information on how to modify the cookie settings on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone or tablet you will need to refer to your device manual. Please note that you will not be able to opt out of receiving certain cookies that are strictly necessary for the delivery of a service requested by you.
    Analytics. This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout
  • Information from Business Partners and other Third Parties. The Organization collects personal information through our Business Partners. This information may include contact information, such as name, company name, job title, address, e-mail address, and phone number. The Organization may also obtain personal information from other third-party sources, including publicly and commercially available sources. We may combine the information we receive from our Business Partners and other third-party sources with information that we collect from you or your device, as described above. 
  • Personal Health Information. If you voluntarily participate in research studies conducted by the Organization or receive certain health related services, the Organization may collect personal health information (“PHI”). The federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) outlines strict guidelines to ensure the privacy and confidentiality of any PHI the Organization may collect from you. To learn more about the Organization’s compliance with HIPPA, please review the Organization’s Notice of Privacy Practices. 

You have choices about the personal information you provide the Organization. You may choose not to provide information that we request, but if you do so, we may not be able to provide you a relevant service or a particular feature for an Organization Internet Site, App, or service. 

How the Organization Uses Your Personal Information 

The Organization may use your personal information to: 

  • Develop and manage our relationships with you and our Business Partners. This may include: (i) delivering services or carrying out transactions that you or our Business Partners have requested; (ii) providing information about the Organization’s products, services, and transactions, and advertisements, that may be of interest to you; (iii) providing you and our Business Partners a more consistent experience in interacting with the Organization, including by learning more about you and how you use and interact with Organization Internet Sites, Apps, products, and services; and (iv) planning, managing, and performing under our contractual relationships with our Business Partners. 
  • Communicate with you or your company. This may include: (i) informing you of the Organization’s products, services, and promotional activities that may be of interest to you or your company; (ii) providing information about relevant Organization products, services, and transactions, including, for example, pricing information, technical data, invoice, shipping, or production information, warranty or recall information, or information about product or service improvements; (iii) responding to questions or inquiries that you make, including customer service requests; and (iv) inviting you to participate in, or informing you of the results of, customer satisfaction or market research surveys. 
  • Provide and improve our Internet Sites, Apps, products, and services. This may include: (i) customizing them to your preferences or interests, making them more compatible with your technology, or otherwise making them easier to use; (ii) maintaining the security of and otherwise protecting them; and (iii) developing new Organization Internet Sites, Apps, products and services. 
  • Address legal issues. This may include: (i) complying with our obligations to retain certain business records for minimum retention periods; (ii) establishing, exercising, or defending legal claims; (iii) complying with laws, regulations, court orders, or other legal process; (iv) detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of Organization Internet Sites, Apps, products or services; and (v) protecting the Organization’s rights or property, or yours or others’ health, safety, welfare, rights, or property. The Organization may also use your personal information for other uses consistent with the context in which the information was collected or with your consent. The Organization may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually. 

When the Organization May Share Your Personal Information 

The Organization will not disclose your personal information except as described here: 

  • The Organization may share your personal information with other Organization entities. When we do so, these other Organization entities will use your information in a manner consistent with this Policy and all applicable privacy and data protection laws. 
  • The Organization may also share your personal information with third parties we hire to perform support services for us. These third parties are required to use the personal information we share with them only to perform services on our behalf and to treat your personal information in compliance with all applicable privacy and data protection laws. 
  • In some cases, the Organization may share your personal information with third parties who partner with us to collaborate on research projects or to provide products and services to our clients, such as distributors. If so, we will require our Business Partners to use that information in a manner consistent with this Policy and all applicable privacy and data protection laws. 
  • The Organization may share your personal information with third parties when we have a good faith belief that disclosure is necessary: (i) to comply with a law, regulation, court order, or other legal process; (ii) to detect, prevent, and respond to fraud, intellectual property infringement, violation of our contracts or agreements, violation of law, or other misuse of Organization Internet Sites, Apps, products or services; (iii) to protect the Organization’s rights or property or yours or others’ health, safety, welfare, rights, or property; or (iv) under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal information. 
  • The Organization may share your personal information with third parties in connection with the sale, purchase, merger, reorganization, liquidation or dissolution of the Organization or an Organization business unit, or under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal information. 
  • The Organization may share your information with your permission or at your request. 
  • The Organization may share anonymized or aggregated information internally and with third parties for any purpose. Such information will not identify you individually. 

Security of Your Personal Information 

Your personal information will generally be stored in the Organization’s databases or databases maintained by our service providers. Many of these databases are stored on servers located in the United States. The Organization takes appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party or transferred to another country, including transfers within the Organization. 

The Organization maintains reasonable safeguards to protect the confidentiality, security and integrity of your personal information. Although we use security measures to help protect your personal information against unauthorized disclosure, misuse, or alteration, as is the case with all computer networks linked to the Internet, we cannot guarantee the security of information provided over the Internet and will not be responsible for breaches of security beyond our reasonable control. 

Links to Third Party Internet Sites and Plugins 

Organization Internet Sites and Apps may contain links to websites or mobile apps that are not operated by the Organization and plugins from social media platforms and other third parties. An example of a social media plugin is the Facebook “Like” button. We provide these links and plugins as a service and do not imply any endorsement of the activities or content of the related websites, apps, or social media platforms, nor any association with their operators. To learn about the information collected by these third-party websites, apps, and plugins, please visit their privacy policies. We encourage you to review the privacy policies for the websites, apps, and social media platforms you visit before using them or providing personal information. 

Retention of Your Personal Information 

How long we keep your personal information will vary and will depend on the purpose and use of information collected. There are legal requirements that we keep some types of data for specific periods. Otherwise, we will retain it for no longer than is necessary for the purposes for which the data was collected. 

Children 

Organization Internet Sites and Apps are not intended for children under 13 years of age. The Organization will not knowingly solicit or collect personal information from or about children under 13, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law. 

Additional Information for EU Residents 

The Organization’s lawful basis for processing your personal data:

The lawful basis for the Organization’s processing of your personal data will depend on the purposes of the processing. For most personal data processing activities covered by this Privacy Policy, the lawful basis is that the processing is necessary for the Organization’s legitimate business interests. Where we process personal data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. When we are required to share personal data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your mobile device.

Processing on the basis of legitimate business interests. When we process personal information on the basis that the processing is necessary for our legitimate business interests, such interests include: (i) providing, improving, and promoting Organization Internet Sites, Apps, products, and services; (ii) communicating with current and potential customers, other Business Partners, and their individual points of contact; (iii) managing our relationships with our customers and other Business Partners, and their individual points of contact; (iv) other business development purposes; (v) sharing information within the Organization, as well as with service providers and other third parties; and (vi) maintaining the safety and security of our products, services and employees, including fraud protection. 

Processing on the basis of performance of a contract. Examples of situations in which we process personal information as necessary for performance of a contract include e-commerce transactions in which you purchase a product or service from the Organization, on your own behalf, through an Organization Internet Site or App.

Processing on the basis of consent. Examples of processing activities for which the Organization uses consent as its legal basis include: (i) collecting and processing precise location information from your mobile device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing personal data on Organization Internet Sites or Apps through cookies and similar technologies when consent is required by applicable law.

Processing because the Organization is under a legal obligation to do so. Examples of situations in which the Organization processes personal data to comply with its legal obligations include: (i) payment of taxes and other government levies; (ii) providing your personal data to law enforcement agencies and other governmental bodies when required by applicable laws; (iii) retaining business records required to be retained by applicable laws; and (iv) complying with court orders or other legal process. 
 
Additional information about the retention of your personal data:

To determine the period for which your personal data will be retained in accordance with this Policy, the Organization considers criteria such as: (i) any applicable legal requirements to retain data for a certain period of time; (ii) any retention obligations related to actual or potential litigation or government investigations; (iii) any retention requirements in relevant agreements with our Business Partners; (iv) the date of your last interaction with the Organization; (v) the length of time between your interactions with the Organization; (vi) the sensitivity of the data; and (vii) the purposes for which the data was collected. 

Your individual rights:

In accordance with the applicable laws in the European Union, you have the following rights with respect to your personal data, which apply differently in different circumstances: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object to processing. Most of these rights are not absolute. Below we describe these rights in more detail and provide information on how you can exercise them. If you make a request to exercise your rights, we will respond within one month, but have the right to extend this period by two additional months, where necessary. If we extend the response period, we will let you know within one month from your request.  

You can exercise your rights by contacting:
Benjamin Rose Institute on Aging
Phone number: (216) 373-1640
Email: myinfo@benrose.org   
 
Right of Access. You have the right to ask the Organization to confirm whether we process your personal data. If we do, you have the right to request access to your personal data that we process and the following information: (i) the purposes of the processing; (ii) the categories of personal data we process; (iii) the recipients or categories of recipients of your personal data; (iv) the envisaged retention period of the data where possible, or the criteria we use to determine the retention period; (v) your right to request rectification or erasure of your personal data, or restriction of the processing of such data; (vi) your right to file a complaint with a supervisory authority; (vii) if we have not collected the data from you, any information we have available about the source of the data; and (viii) whether we use your personal data to make any automated decisions that have legal or other similar significant effects on you.

Right to rectification. You have the right to have the Organization correct your personal data if they are inaccurate. Taking into account the purposes of the processing, you may also have the right to have incomplete personal data about you completed, including by providing a supplementary statement to the Organization. 

Right to object to processing for the Organization’s legitimate business interests. You have the right to object to the Organization processing your personal data when that data is processed on the basis of the Organization’s legitimate business interests. The Organization will honor your objection and stop processing the relevant personal data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, and freedoms; or (ii) we need to continue processing your personal data to establish, exercise, or defend a legal claim. 

Right to object to processing for direct marketing. If the Organization processes your personal data for direct marketing purposes, you have the right to object to this processing. If you exercise this right, the Organization will stop processing your personal data for direct marketing purposes. 

Right to restrict processing. You have the right to request that the Organization restrict the processing of your personal data in the following circumstances: (i) for the period of time the Organization needs to verify the accuracy of your personal data when you contest its accuracy; (ii) when the processing of your personal data is unlawful and you oppose the erasure of the data, and instead request that the Organization restrict the use of the data; (iii) when the Organization no longer needs your personal data for the purposes of processing, but you need the data to establish, exercise, or defend a legal claim; or (iv) for the period of time the Organization needs to verify if it has compelling legitimate grounds for processing that override your interests, rights, and freedoms when you object to the processing of your personal data for the Organization’s legitimate business interests. 

If following your request, the Organization restricts the processing of your personal data, we will store your data, and otherwise process it only with: (i) your consent; (ii) to establish, exercise, or defend a legal claim; (iii) to protect the rights of another natural or legal person; or (iv) for reasons of important public interest of the European Union or a Member State. The Organization will also inform you before lifting the restriction of processing. 

Right to erasure. The right to erasure is also called the “right to be forgotten.” You may ask the Organization to delete your personal data. This right is not absolute. The Organization is required to delete your personal data upon your request only in the following circumstances: (i) your personal data is no longer necessary for the purposes for which we collected or processed them; (ii) if the Organization processes your personal data on the basis of consent, you withdraw your consent, and no other legal ground exists for us to continue processing your personal data; (iii) if the Organization processes your personal data for its legitimate business interests, you object to the processing, and there are no overriding legitimate grounds for us to continue processing your personal data; (iv) if the Organization has processed your personal data unlawfully; or (v) the personal data must be erased to comply with a legal obligation under European Union or Member State law to which the Organization is subject. 

The Organization is not required to erase your personal data to the extent that the Organization needs to process them to: (i) exercise its right of freedom of expression and information; (ii) comply with a legal obligation under European Union or Member State law to which the Organization is subject; or (iii) to establish, exercise, or defend a legal claim. 

Right to data portability. You have the right to receive personal data you provided to the Organization when: (i) the processing of the data is based on your consent or is necessary for the performance of a contract between you and the Organization; (ii) the Organization’s processing of your personal data is carried out by automated means; and (iii) complying with your request will not adversely affect the rights and freedoms of others. 

If you have the right to receive such personal data and request that we provide it, the Organization will provide it to you in a structured, commonly used, and machine-readable format. 

Right to lodge a complaint with a supervisory authority. The Organization will use its best efforts to address and settle any requests or complaints brought to its attention. In addition, you have the right to approach the competent data protection authority with requests or complaints. This can be the supervisory authority in the country or federal state where you live. 

Questions about this Policy

If you have any questions about this Policy or our use of your personal information, please contact: 

IT Administrator 
11890 Fairhill Road 
Cleveland, OH 44120 
Phone number: (216) 373-1640   
Email:  myinfo@benrose.org

Changes to this Policy  

Changes to this Policy will be posted on this site, along with information on any material changes. The Organization reserves the right to update or modify this Policy at any time and without prior notice. Any modifications will apply only to the personal information we collect after the posting. 

This Policy was last revised in May, 2019